Google Authenticator – WordPress Two Factor Authentication (2FA)

説明

Note: プラグインはGDPRに準拠しており、言語翻訳をサポートしています。

Secure your WordPress login with an additional layer of security from us! The setup takes minutes, yet protects your site forever.
This plugin provides two factor authentication (TFA) during login. If you are looking for OTP Verification of users during Registration then we have a separate plugin for this. Click Here to learn more.

Why do you need to register?

miniOrange Two-factor Plugin uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign you API keys specific to your account. This way your account and users calls can be only accessed by API keys assigned to you.
Adding to this, you can also use the same account on multiple applications and your users do not have to maintain multiple accounts or 2-factors.

Add Ons [Applicable for Free and Standard Plans, Inclusive in the Premium Plan]

RBA & Trusted Devices Management Add-on Features

Remember Device

Set Device Limit for the users to login

IP Restriction: Limit users to login from specific IPs

Personalization Add-on Features

Custom UI of Two Factor Authentication (2FA) popups

Custom Email and SMS Templates

‘powered by’ ロゴをカスタマイズする

プラグインアイコンのカスタマイズ

プラグイン名をカスタマイズする

Short Codes Add-on Features

Option to turn on/off 2-factor by user

Option to configure the Google Authenticator and Security Questions by user

Option to ‘Enable Remember Device’ from a custom login form

On-Demand ShortCodes for specific functionalities ( like for enabling 2FA for specific pages)

You can select the roles under Login Settings tab to enable the plugin role wise. [PREMIUM FEATURE]

I have enabled Two-Factor Authentication (2FA) for all users, what happens if an end user tries to login but has not yet registered ?

If a user has not setup Two-Factor yet, user has to register by inline registration that will be invoked during the login.

I want to enable only one authentication method for my users. What shloud I do?

You can select the authentication methods under Login Settings tab. The selected authentication methods will be shown to the user during inline registration. [PREMIUM FEATURE]

I am getting the fatal error of call to undefined function json_last_error(). What should I do?

Please check your php version. The plugin is supported in php version 5.3.0 or above. You need to upgrade your php version to 5.3.0 or above to use the plugin.

I did not recieve OTP while trying to register with miniOrange. What should I do?

The OTP is sent to your email address with which you have registered with miniOrange. If you can’t see the email from miniOrange in your mails, please make sure to check your SPAM folder. If you don’t see an email even in SPAM folder, please submit a query in our Support Section in the plugin or you can contact us at info@miniorange.com.

I want to configure 2nd factor by Google Authenticator.

Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Google Authenticator App. Enter the 6 digit code in the textbox and click on Save and verify buuton.

I want to configure 2nd factor by Authy 2-Factor Authentication App.

Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Authy 2-Factor Authentication App. Enter the 6 digit code from the Authy App into the textbox available and click on Save and Verifiy button.

I forgot the password of my miniOrange account. How can I reset it?

There are two cases according to the page you see –
1. Login with miniOrange screen: You should click on forgot password link. You will get a new password on your email address with which you have registered with miniOrange . Now you can login with the new password.

Register with miniOrange screen: Enter your email ID and any random password in password and confirm password input box. This will redirect you to Login with miniOrange screen. Now follow first step.

I have a custom / front-end login page on my site and I want the look and feel to remain the same when I add 2 factor ?

If you have a custom login form other than wp-login.php then we will provide you the shortcode. Shortcode will work only for the customized login page created from wordpress plugins. We are not claiming that it will work with all the customized login page. In such case, custom work is needed to integrate two factor with your customized login page. You can submit a query in our Support Section in the plugin or you can contact us at info@miniorange.com for more details.

I have Woocommerce theme login page on my site. How can I enable Two Factor ?

If you have Woocommerce theme login then go to Advanced Options Tab and check Enable Two-Factor for Woocommerce Front End Login. If you need any help setting up 2-Factor for your Woocommerce theme login form, please submit a query in our Support Section in the plugin or you can contact us at info@miniorange.com.

I have installed plugins which limit the login attempts like Limit Login Attempt, Loginizer, Wordfence etc. Is there any incompatibilities with these kind of plugins?

The limit login attempt kind of plugins limit the number of login attempts and block the IP temporarily. So if you are using 2 factor along with these kind of plugins then you should increase the login attempts (minimum 5) so that you dont get locked out yourself.

If you are using any Security Plugin in WordPress like Simple Security Firewall, All in One WP Security Plugin and you are not able to login with Two-Factor.

Our Two-Factor plugin is compatible with most of the security plugins, but if it is not working for you. Please submit a query in our Support Section in the plugin or you can contact us at info@miniorange.com.

If you are using any render blocking javascript and css plugin like Async JS and CSS Plugin and you are not able to login with Two-Factor or your screen got blank.

If you are using Async JS and CSS Plugin. Please go to its settings and add jquery in the list of exceptions and save settings. It will work. If you are still not able to get it right, Please submit a query in our Support Section in the plugin or you can contact us at info@miniorange.com.

My users have different types of phones. What phones are supported?

We support all types of phones. Smart Phones, Basic Phones, Landlines, etc. Go to Setup Two-Factor Tab and select Two-Factor method of your choice from a range of 8 different options.

What if a user does not have a smart phone?

You can select OTP over SMS, Phone Call Verification or Email Verification as your Two-Factor method. All these methods are supported on basic phones.

What if a user does not have any phone?

You can select Email Verification or Security Questions (KBA) as your Two-Factor method.

What if I am trying to login from my phone ?

If your Security Questions (KBA) are configured then you will be asked to answer them when you are logging in from your phone.

I want to hide default login form and just want to show login with phone?

You should go to Login Settings Tab and check Login with Phone Only checkbox to hide the default login form.

My phone has no internet connectivity and configured 2nd factor with miniOrange App, how can I login?

Enter the one time passcode shown in miniOrange Authenticator App in textbox, just like Google authenticator.

Click on submit button to validate the otp.

Once you are authenticated, you will be logged in.

My phone is lost, stolen or discharged. How can I login?

You can login using our alternate login method. Click on the Forgot Phone link and you will get 2 alternate methods to login. Select “Send a one time passcode to my registered email” to authenticate by OTP over EMAIL or Select “Answer your Security Questions (KBA)” to authenticate by knowledge based authenticaion.

My phone has no internet connectivity and i am entering the one time passcode from miniOrange Authenticator App, it says Invalid OTP?

Click on the Settings Icon on top right corner in miniOrange Authenticator App and then press Sync button under ‘Time correction for codes’ to sync your time with miniOrange Servers. If you still can’t logged in then please email us at info@miniorange.com or Contact us.Soft Token method is just like google authenticator method.

I want to go back to default login with password?

You should go to Login Settings Tab and uncheck Enable Two-Factor plugin checkbox. This will disable 2-Factor and you can login using wordpress default login.

I am upgrading my phone.

You should go to Setup Two Factor Tab and click on Reconfigure to reconfigure 2-Factor with your new phone.

What If I want to use any other second factor like OTP Over SMS, Security Questions, Device Id, etc ?

miniOrange authentication service has 15+ authentication methods.One time passcodes (OTP) over SMS, OTP over Email, OTP over SMS and Email, Out of Band SMS, Out of Band Email, Soft Token, Push Notification, USB based Hardware token (yubico), Security Questions, Mobile Authentication (QR Code Authentication), Voice Authentication (Biometrics), Phone Verification, Device Identification, Location, Time of Access User Behavior. To know more about authentication methods, please visit https://miniorange.com/strong_auth . If you want to have any other 2-factor for your WordPress site, please email us at info@miniorange.com or Contact us.

評価

We have really been under attack. First we installed a log plug-in, after a few days we saw there were literally hundreds of login attempts per day. So we started our search for a solution. After having tried a few different options we got hooked on MiniOrange. At first, we went with the OTP via email system they offer as it is very competitively priced. As we have quite a few authors on our blog and because we read that 2FA via Authenticator App was the safest option we choose for the enterprise version. We had a few issues while installing mainly caused by being to lazy to read the very extensive FAQ and Forum articles available on their website which lead us to contact their support team. And that did make us even happier about our choice. We have quite a number of premium plug-ins on our website but MiniOrange support is second to none. Till quite late in the evening we have been able to get support and from early in the morning as well. Truly high quality support till everything worked as we wished. The number of options is simply huge. Settings per role/per person, you name it, it is probably there. The Brute Force attack option is very valuable as it blocks an IP after a settable number of attempts and it can all be found back in a log. For us it really makes a difference in the peace of mind we have knowing that our website is protected. Great Stuff

I downloaded the app and installed the plugin for two factor authentication on my WordPress site, but there was a PHP issue and it didn't work, causing me to be locked out of my site. After contacting customer support, Mittal was really helpful and quick to reply. He scheduled a screen sharing meeting so he could see how to fix the issue, and told me exactly what needed to be fixed. It was resolved within 24 hours.
I was very impressed at this level of service for a free plugin. Thank you!

When I activated it, there was a popup asking for my password so I entered my password from my WP site. Turns out it created a miniOrange account WITH MY WP PASSWORD. The popup never mentioned anything about creating a new account at miniOrange, it just asked my password, doh! There's no option to delete my account on miniOrange so I had to change passwords on both sites. NOT COOL!!!

I took one look at the first page and decided to uninstall it immediately - I just wanted to add 2fa to my logins, not all the other stuff. And I certainly don't want to be pestered forever to upgrade.
Unfortunately, the current version (5.1.22) wouldn't deactivate or uninstall. Removing the plugin files altogether resulted in an error message about missing plugin files that I couldn't get rid of. I had to restore the entire database from a backup. Grr.

5.0.7

5.0.6

Google Authenticator-Two Factor Authentication (2FA) : Bug Fix for existing customers who upgraded from 4.5.x version to versions between 5.0.0 and 5.0.4 and are facing issues with the Account Setup Tab.

4.5.7

4.5.6

4.5.5

Google Authenticator-Two Factor Authentication (2FA) : 404 bug fixes.

4.5.4

Google Authenticator-Two Factor Authentication (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action error.